Hello, although this might be a "works as specified" issue, I thought it is worth mentioning it here. I spent some time on it yesterday and did not find anything googling for the problem.
I run a dnsmasq DHCP server and shorewall on a (low memory) nslu2 server. The dnsmasq DHCP server did not receive any dhcpdiscover broadcasts. Also, I could not make shorewall log the dropped or rejected dhcpdiscover packets by adding info attributes to the policies in the policy file. I could log the packets, though, after setting LOGALLNEW=debug.

This is the syslog entry:

    Dec 31 00:27:22 nslu2 kernel: Shorewall:mangle:PREROUTING:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:60:79:f8:ba:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
    Dec 31 00:27:22 nslu2 kernel: Shorewall:nat:PREROUTING:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:60:79:f8:ba:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
    Dec 31 00:27:22 nslu2 kernel: Shorewall:mangle:INPUT:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:60:79:f8:ba:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
    Dec 31 00:27:22 nslu2 kernel: Shorewall:filter:INPUT:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:60:79:f8:ba:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308

The root cause in my config was the line

    loc eth0 detect tcpflags,nosmurfs,detectnets

which had a detectnets.

    loc eth0 detect tcpflags,nosmurfs

works well.

The documentation says

    # detectnets - Automatically taylors the zone named
    #              in the ZONE column to include only those
    #              hosts routed through the interface.

It seems that this also affected the broadcast packets (dhcpdiscover).

Is removing the detectnets the recommended solution? If yes, it would have helped me if it had been mentioned in the documentation; it might be worth adding a few words to the documentation.

Thanks,
Rainer

--
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: [EMAIL PROTECTED]
jabber: [EMAIL PROTECTED]
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/
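
Added example, not part of the original message and not Shorewall's own code: a Python script that follows the DHCP client broadcast through the hooks logged with LOGALLNEW=debug and checks its source address against a zone narrowed to routed networks. The network 192.168.1.0/24 is a hypothetical stand-in for what detectnets would derive on eth0, and the membership test is an assumption about how the narrowed zone is matched.

```python
import ipaddress
import re

# The four LOGALLNEW=debug trace lines quoted in the message above.
_PKT = ("IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:60:79:f8:ba:08:00 SRC=0.0.0.0 "
        "DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=64 ID=0 PROTO=UDP "
        "SPT=68 DPT=67 LEN=308")
SAMPLE_LOG = "\n".join(
    f"Dec 31 00:27:22 nslu2 kernel: Shorewall:{hook}:{_PKT}"
    for hook in ("mangle:PREROUTING", "nat:PREROUTING", "mangle:INPUT", "filter:INPUT"))

# Hypothetical network that detectnets would derive from the routes on eth0.
ASSUMED_DETECTED_NETS = ["192.168.1.0/24"]

PREFIX = re.compile(r"Shorewall:(\w+):(\w+):(.*)")

def parse_line(line):
    """Split one netfilter LOG line into (table, chain, {field: value})."""
    m = PREFIX.search(line)
    if not m:
        return None
    table, chain, rest = m.groups()
    return table, chain, dict(t.split("=", 1) for t in rest.split() if "=" in t)

def is_dhcp_client_broadcast(f):
    """DHCP message from an unconfigured client: UDP 68 -> 67 to broadcast."""
    return (f.get("PROTO"), f.get("SPT"), f.get("DPT"), f.get("DST")) == (
        "UDP", "68", "67", "255.255.255.255")

def trace_dhcp(log):
    """Map (interface, client MAC, source IP) to the table:chain hooks logged."""
    paths = {}
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed and is_dhcp_client_broadcast(parsed[2]):
            table, chain, f = parsed
            # MAC= holds destination MAC, source MAC, then EtherType.
            client_mac = ":".join(f["MAC"].split(":")[6:12])
            key = (f["IN"], client_mac, f["SRC"])
            paths.setdefault(key, []).append(f"{table}:{chain}")
    return paths

def source_in_zone(src, zone_nets):
    """True if src falls inside any network the zone is restricted to."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in zone_nets)

if __name__ == "__main__":
    for (iface, mac, src), hooks in trace_dhcp(SAMPLE_LOG).items():
        ok = source_in_zone(src, ASSUMED_DETECTED_NETS)
        print(f"{iface} {mac} src={src}: {' -> '.join(hooks)}; in detected nets: {ok}")
```

The trace ends at filter:INPUT and the source 0.0.0.0 lies outside the assumed network, which is consistent with the broadcast no longer matching the loc zone once detectnets is set.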
